Appearance

大纲

概述

AWS 的S3接口协议具有广泛的开源工具支持,FOS兼容AWS S3主要常用接口,对于基于S3接口协议开发的各类应用及服务,可以轻松迁移到FOS。 接口的具体兼容情况,在下文中做了详细叙述。 FOS的S3协议接口提供了对象存储的基本功能,为了更好的使用FOS丰富的产品功能,更推荐使用FOS接口。

服务域名

使用如下服务域名通过AWS S3协议访问FOS:

访问Endpoint协议
fos.flymeyun.comHTTPS

通过AWS S3协议访问FOS和直接访问FOS类似,也支持path-style和 bucket virtual hosting两种方式,以GetObject举例,两种风格请求语法如下:

风格请求语法
bucket virtual hostingGET /object HTTP/1.1
Host: bucket.fos.flymeyun.com
Path-styleGET /bucket/object HTTP/1.1
Host: fos.flymeyun.com

兼容签名认证

兼容最新的AWS Signature Version 4,签名方法见Authenticating Requests (AWS Signature Version 4)

签名Header示例

以下是使用S3签名认证方法访问BOS的示例,使用Authorization请求Header提供身份验证信息,具体内容如下:

Authorization: AWS4-HMAC-SHA256
Credential=82fa964ae**********0dfeea44c0683/20230216/US/s3/aws4_request,
SignedHeaders=host;x-amz-content-sha256;x-amz-date,
Signature=98afff082015a6490a50567b2fa9a0e64f0ae81105a3a62da86bc50806c293fb

注意事项

  1. AWS4-HMAC-SHA256:用于计算签名的算法,该字符串指定AWS签名版本即AWS4和签名算法HMAC-SHA256。
  2. Credential:包括用于计算签名的Access Key、日期和服务,格式:<access-key>/<date>/US/s3/aws4_request, 其中<date>使用日期格式为YYYYMMDD

详细说明请参考sigv4-auth-using-authorization-header

  1. 签名计算目前仅支持 Transfer Payload in a Single Chunk 和 Transfer Payload in Multiple Chunks。

完整请求示例:

GET / HTTP/1.1
Host: fos.flymeyun.com
Accept-Encoding: identity
User-Agent: Boto3/1.26.72 Python/3.9.6 Darwin/22.1.0 Botocore/1.29.72 Resource
X-Amz-Date: 20230216T025415Z
X-Amz-Content-SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Authorization: AWS4-HMAC-SHA256 Credential=82fa964ae**********0dfeea44c0683/20230216/US/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=98afff082015a6490a50567b2fa9a0e64f0ae81105a3a62da86bc50806c293fb
amz-sdk-invocation-id: d2f1690c-ea14-4298-8bf5-052f797d4b4d
amz-sdk-request: attempt=1

HTTP/1.1 200 OK
Date: Thu, 16 Feb 2023 02:54:16 GMT
Content-Type: application/xml
Content-Length: 9061
Connection: keep-alive
X-Amz-Id-2: vl7FafIEg8tsAO58XjrWu/PAaxp5HdsDsBHYVzKdQM/Dz0M6Xk1zqL5ckWgBdMcwhQC3fHuZqNA3S1FrzeM/PA==
X-Amz-Request-Id: 05fb9355-e743-4900-be4d-e1be627d1ce2

兼容公共头

公共请求头

AWS S3 请求头描述
Authorization兼容以AWS4-HMAC-SHA256开头V4版本认证
Content-Length兼容
Content-Type兼容
Content-MD5兼容
Date兼容
Expect兼容
Host兼容
x-amz-content-sha256兼容
x-amz-date兼容
x-amz-security-token兼容

公共响应头

AWS S3 响应头描述
Content-Length兼容
Content-Type兼容
Connection兼容
Date兼容
ETag兼容
x-amz-delete-marker未兼容
x-amz-request-id设置为与原生响应头x-ic-request-id相同
x-amz-id-2设置为与原生响应头x-ic-debug-id相同
x-amz-version-id未兼容

兼容接口

Service API

AWS S3接口描述
GET Service/List Buckets兼容

Bucket API

AWS S3接口描述
DELETE Bucket兼容
GET Bucket/List Objects兼容GET Bucket (List Objects) Version 1
GET Bucket acl兼容
GET Bucket Location兼容
HEAD Bucket兼容
List Multipart Uploads兼容
PUT Bucket未支持x-amz-grant-*
PUT Bucket ACL未支持x-amz-grant-*
List Objects兼容
List Objects V2未支持 fetch-owner
OPTIONS兼容

Object API

AWS S3接口描述
DELETE Object未支持x-amz-mfa
GET Object兼容
HEAD Object未支持x-amz-server-side-encryption-*
PUT Object未支持x-amz-grant-*,x-amz-server-side-encryption-*,x-amz-storage-class支持STANDARD, STANDARD_IA
PUT Object - Copy兼容
Abort Multipart Upload兼容
Complete Multipart Upload兼容
Initiate Multipart Upload未支持x-amz-grant-*,x-amz-server-side-encryption-*;x-amz-storage-class支持STANDARD, STANDARD_IA
List Parts兼容
Upload Part未支持x-amz-server-side-encryption-*

兼容工具

兼容说明

大多数基于AWS S3开发的工具都可以设置访问地址。通过设置这些工具的访问地址为FOS的AWS S3服务域名,您就可以使用这些工具访问FOS。下面以一些常用SDK和工具为例,说明如何对接FOS。 说明:

字串含义
$ACCESS_KEYFlyme云账号的Access key
$SECRET_KEYFlyme云账号的Secret key

AWS SDK for Python

  1. 安装Boto类库:
shell
pip install boto3
  1. 使用AWS SDK for python访问Fos
python
import boto3
from botocore.client import Config
s3 = boto3.client(
    's3',
    aws_access_key_id=$ACCESS_KEY,
    aws_secret_access_key=$SECRET_KEY,
    endpoint_url='https://fos.flymeyun.com',
    region_name='US',
    config = Config(
        signature_version='s3v4',
    )
)
# Use S3 client
s3.create_bucket(...)

AWS SDK for Java

  1. 添加依赖包到pom.xml
//添加下面AWS Java SDK依赖包到pom.xml
<dependency>
  <groupId>com.amazonaws</groupId>
  <artifactId>aws-java-sdk</artifactId>
  <version>1.11.82</version>
</dependency>
  1. 使用AWS SDK for java访问Fos
java
import java.io.IOException;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.model.*;
import com.amazonaws.services.s3.S3ClientOptions;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.SDKGlobalConfiguration;

public class S3Sample {
    public static void main(String[] args) throws IOException {
        System.setProperty(SDKGlobalConfiguration.ENABLE_S3_SIGV4_SYSTEM_PROPERTY, "true");
        AmazonS3 s3 = new AmazonS3Client(new BasicAWSCredentials($ACCESS_KEY,$SECRET_KEY));
        s3.setEndpoint("https://fos.flymeyun.com");
        S3ClientOptions options = new S3ClientOptions();
        options.withChunkedEncodingDisabled(true);
        s3.setS3ClientOptions(options);

        // Use S3 Client
        s3.createBucket(...);
    }

}
  1. 编译代码
shell
mvn package

AWS PHP SDK

  1. 安装:下载aws.phar,更多安装方式见AWS PHP SDK安装方式
  2. 使用AWS SDK for PHP访问Fos
php
<?php
  require 'aws.phar';
use Aws\S3\S3Client;
use Aws\Exception\AwsException;

$s3Client = new S3Client([
                         'version'     => 'latest',
                         'region'      => 'bj',
                         'credentials' => [
                         'key'    => $ACCESS_KEY,
                         'secret' => $SECRET_KEY,
                         ],
                         'endpoint' => 'https://fos.flymeyun.com',
                         'signature_version' => 'v4',
                         ]);

$buckets = $s3Client->listBuckets();
foreach ($buckets['Buckets'] as $bucket){
  echo $bucket['Name']."\n";
}

AWS Golang SDK

  1. 安装go get -u github.com/aws/aws-sdk-go
  2. 使用AWS SDK for Golang访问Fos
go
import (
    "github.com/aws/aws-sdk-go/aws"
    "github.com/aws/aws-sdk-go/aws/session"
    "github.com/aws/aws-sdk-go/service/s3"
    "github.com/aws/aws-sdk-go/aws/credentials"
)
conf := &aws.Config{
    Region:           aws.String("US"),
    Endpoint:         aws.String("https://fos.flymeyun.com"),
    Credentials:      credentials.NewStaticCredentials($ACCESS_KEY, $SECRET_KEY,, ""),
}
sess := session.Must(session.NewSessionWithOptions(session.Options{Config:*conf}))
svc := s3.New(sess)
getObjectParams := &s3.GetObjectInput{
    Bucket:             aws.String("my-bucket"),
    Key:                aws.String("my-object"),
}
getObjectResp, err := svc.GetObject(getObjectParams)
if err != nil {
    fmt.Println(err.Error())
    return
}

AWS CLI工具

  1. 安装AWS CLI工具pip install awscli
  2. 使用AWS CLI访问FOS
  • 编辑配置文件
shell
$ cat ~/.aws/config
[default]
s3 =
    signature_version = s3v4
region = US

$ cat ~/.aws/credentials
[default]
aws_access_key_id = $ACCESS_KEY
aws_secret_access_key = $SECRET_KEY
  • 执行命令示例
shell
aws --endpoint-url https://fos.flymeyun.com s3 ls  #list bucket
aws --endpoint-url https://fos.flymeyun.com s3 ls s3://${bucketname}  #list object
  • 参考文档

https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html